It applies to the next version of Iota protocol, currently being developed on the experimental Goshimmer platform. This post follows ideas of Atomic transfers / transactions instead of bundles.
In short, current bundles of transactions to be replaced by variable size transactions, which are communicated as atomic pieces of data.
One of the main reasons is to avoid rather complicated way to reconstruct the bundle from independently gossiped transactions.
New transactions will basically take over functions of the bundle.
The below also takes into account requirements to the base protocol by the level 2 smart contracts (Qubic assemblies). See also “Signature scheme considerations” below.
EDIT: timestamp, sharding-related, mana-related and maybe some other fields were missed, must be placed somewhere into the layout
EDIT 2: also nonce and rate control related (sequence numer) fields must be added
Binary is assumed, but in general it can be ternary too.
Transaction
Transaction consist of header and any number of blocks:
[Transaction] ::= [header] [block 1]…[block N]
So, the shortest transaction consists of the header only.
Header
It contains Trunk, Branch, App ID and Tag fields.
[Header] ::= [trunk] [branch] [app id] [tag]
Trunk and Branch has usual interpretation, each of size of the hash (32 bytes).
App ID and Tag fields can contain any data. It is interpreted by applications, most likely as unique id of the application and type of the transaction respectively.
AppID and Tag fields are indexed and searchable by the node.
AppID has 32 bytes size. Tag has 16 or 32 byte size.
For example, for qubic assemblies App ID will be used as globally unique ID of the assembly (smart contract address), and Tag field will be used to recognize types of assembly transactions: epoch transaction (configurations), request transaction and state update transaction.
The reason to have 2 arbitrary tag fields is to provide fast search in the Tangle, because the rest of the transaction is not fixed or even not guaranteed.
Blocks of the transaction
Each block can have different size and can be of different types. There must be metadata to recognize type of the block. Block is identified by it’s index within the transaction.
There are several types of blocks. Each type defines own validation rules of the block.
Invalid block makes the whole transaction invalid. I.e. transaction is valid only if all blocks are valid.
The block of any type can be validated independently from other blocks in the transaction.
Therefore, validity of the transactions does not depend on the particular sequence of blocks within it.
There are 4 types of blocks:
(Note: it may be reduced to 3 types, see below)
Fund transfer block
It contains valid UTXO transfer data:
- input address (EDIT. not needed. All inputs must point to outputs to the same address)
- one or more inputs (indexed)
- signature of inputs
- one or more outputs (indexed)
Address is input account address.
Input is a reference to the (unspent) output in another block in another transaction.
[Input] ::= [transaction hash] [block index] [output index]
where:
transaction hash is hash of another transaction
block index is index of the transfer block in that transactions. The field can be 1 or 2 byte long
output index is index of the output in that block. The field can be 1 or 2 byte long
[output] ::= [address] [value]
where:
address is the target address
value is the number of iotas
The validation rules are usual for UTXO transfers: the transfer must preserve ledger balance and signature must be valid
Data block
The block contains any data of arbitrary length (maximum length must be capped by the protocol).
The data block content is not validated by the protocol.
Signed data digest
It contains arbitrary data of the size of hash (the digest) and signature.
[signed data digest] ::= [digest] [signature]
The block is validated by the node by checking validity of the signature.
It is up to the application what data to put into the digest section, but commonly it will contain hash of one or several data blocks of the same transaction.
Presence of such a block will enable signing and validation of the arbitrary combinations of the data of the transaction by the base protocol, i.e. base protocol won’t allow transactions with invalid signatures of data blocks to be confirmed.
The use-case specific semantics of the block is up to the application.
Chain link block
This is special type of block can be used to create “non-forkable” chains of transactions by applications on the layer 2.
Presence of this type of block ( or perhaps even more than one), makes the whole transaction the subject to the chain constraint.
Chain link block can be implemented the following two ways:
- “native” chain link. It will contain:
-
chain reference: a hash of another transaction and the block index
[chain reference] ::= [tx hash][block index]
The [tx hash] may be NULL hash (all 0s). -
public key for the next chain block.
-
signature of the [chain reference]
Validation rules of the block:
- if [tx hash] is not NULL, it must point to another transactions and the [block index] must point to the chain block within it.
- signature must be verifiable with the public key, contained in the referenced chain link block
- it is not allowed more than one valid chain link block with the same referenced chain block. I.e. two such chain blocks are considered conflicting.
- Chain link can also be implemented as UTXO transfer of 1 iota to the same address (a colored chain).
This sequence of such transfers will effectively create a chain, because sequence of signed 1 iota transfer transactions cannot be forked.
The block would be just an ordinary fund transfer block with usual validation rules. Functionally it will be equivalent to the “native” chain link block.
It this case we don’t even need a special type of chain link block with “native” implementation of chain links.
Signature considerations
We assume the next version of Iota will use the following signature schemes and, respectively, addresses:
- WOTS, for backward compatibility and quantum resistant accounts
- ECDSA, currently being implemented as a part of Chrysalis upgrade.
- BLS multi-signatures, which also allows Shamir secret sharing scheme and threshold signatures.
BLS signatures and addresses are needed for layer 2 smart contracts for the following purposes:
- to enable control over iota accounts by the quorum of (shared) secret holders
- to enable building the chain of consistent state updates on the tangle by the quorum of secret holders .